Import of a user in demo/grouper

Last modified 05 Mar 2021 18:03 +01:00

This is an example of initial import of agasper user from SIS Persons resource.

Clockwork run with focus 'agasper'

  Clockwork click: state INITIAL, execution wave 0, projection wave 0

    # Standard inbound mappings (very simple)

    Mapping - INBOUND (SQL SIS persons (sources)): attributes/surname -> familyName
     | Input input: Gasper
     | Output: Add: Gasper
    Mapping - INBOUND (SQL SIS persons (sources)): attributes/uid -> name
     | Input input: agasper
     | Output: Add: agasper
    Mapping - INBOUND (SQL SIS persons (sources)): attributes/givenName -> givenName
     | Input input: Ann
     | Output: Add: Ann
    Mapping - INBOUND (SQL SIS persons (sources)): attributes/fullName -> fullName
     | Input input: Ann Gasper
     | Output: Add: Ann Gasper
    Mapping - INBOUND (SQL SIS persons (sources)): attributes/mail -> emailAddress
     | Input input: agasper@example.edu
     | Output: Add: agasper@example.edu
    # Input (uid) in these two mappings is actually not used.
    Mapping - INBOUND (SQL SIS persons (sources)): attributes/uid -> assignment
     | Strength: STRONG
     | Input input: agasper
     | Output: Add: assignment with subtype=grouper-basic, targetRef=Role:role-ldap-basic
     | Expression: assignmentTargetSearch
    Mapping - INBOUND (SQL SIS persons (sources)): attributes/uid -> assignment
     | Strength: STRONG
     | Input input: agasper
     | Output: Add: assignment with subtype=grouper-basic, targetRef=Archetype:SIS Person
     | Expression: assignmentTargetSearch

    # Now the user template is engaged. The following mapping creates assignment(s) based on Grouper group membership. Currently there are none, because Grouper is not reconciled yet.
    Mapping - TEMPLATE (template-user): name -> assignment
     | Strength: STRONG
     | Input name: (no values) -> agasper
     | Output: (none)

    # Standard outbound mappings for LDAP resource

    Mapping - OUTBOUND (LDAP (directory)): employeeNumber -> attributes/employeeNumber
     | Strength: STRONG
     | Input employeeNumber: (no values)
     | Condition: false -> true
     | Output: (none)
    Mapping - OUTBOUND (LDAP (directory)): familyName -> attributes/sn
     | Strength: STRONG
     | Input familyName: (no values) -> Gasper
     | Condition: false -> true
     | Output: Add: Gasper
    Mapping - OUTBOUND (LDAP (directory)): fullName -> attributes/cn
     | Strength: STRONG
     | Input fullName: (no values) -> Ann Gasper
     | Condition: false -> true
     | Output: Add: Ann Gasper
    Mapping - OUTBOUND (LDAP (directory)): name -> attributes/dn
     | Strength: STRONG
     | Input name: (no values) -> agasper
     | Condition: false -> true
     | Output: Add: uid=agasper,ou=People,dc=internet2,dc=edu
     | Expression: 'uid=' + name + ',ou=People,dc=internet2,dc=edu'
    Mapping - OUTBOUND (LDAP (directory)): givenName -> attributes/givenName
     | Strength: STRONG
     | Input givenName: (no values) -> Ann
     | Condition: false -> true
     | Output: Add: Ann
    Mapping - OUTBOUND (LDAP (directory)): emailAddress -> attributes/mail
     | Strength: STRONG
     | Input emailAddress: (no values) -> agasper@example.edu
     | Condition: false -> true
     | Output: Add: agasper@example.edu
    Mapping - OUTBOUND (LDAP (directory)): name -> attributes/uid
     | Strength: STRONG
     | Input name: (no values) -> agasper
     | Condition: false -> true
     | Output: Add: agasper
    Mapping - OUTBOUND (LDAP (directory)): credentials/password/value -> credentials/password/value
     | Input input: (no values)
     | Output: (none)
     | Expression: (none)

  Clockwork click: state PRIMARY, execution wave 0, projection wave 1

  Clockwork click: state SECONDARY, execution wave 0, projection wave 1

    # The execution starts here.

    Focus change execution: ADD of agasper
     > ObjectDelta<UserType>(UserType:7df679b3-012f-4fdb-a51a-0909886ae59f,ADD):
     >       name: agasper
     >       assignment:
     >         id=1
     >           subtype: [ grouper-basic ]
     >           targetRef: oid=c89f31dd-8d4f-4e0a-82cb-58ff9d8c1b2f(RoleType)[default]
     >         id=2
     >           subtype: [ grouper-basic ]
     >           targetRef: oid=958da09c-fefb-11e9-892d-975972472527(ArchetypeType)[default]
     >       emailAddress: agasper@example.edu
     >       fullName: Ann Gasper
     >       givenName: Ann
     >       familyName: Gasper
     = SUCCESS

    Projection change execution: ADD of uid=agasper,ou=People,dc=internet2,dc=edu on LDAP (directory)
     > ObjectDelta<ShadowType>(ShadowType:a8d11789-516a-42d1-8031-c8f7df35dcac,ADD):
     >       lifecycleState: proposed
     >       resourceRef: oid=0a37121f-d515-4a23-9b6d-554c5ef61272(ResourceType)
     >       objectClass: {...resource/instance-3}inetOrgPerson
     >       auxiliaryObjectClass: [ {...resource/instance-3}eduPerson ]
     >       kind: ACCOUNT
     >       intent: default
     >       attributes:
     >           mail: [ agasper@example.edu (raw) ]
     >           uid: [ agasper (raw) ]
     >           dn: [ uid=agasper,ou=People,dc=internet2,dc=edu (raw) ]
     >           sn: [ Gasper (raw) ]
     >           givenName: [ Ann (raw) ]
     >           cn: [ Ann Gasper (raw) ]
     >           nsUniqueId: [ 60492e01-6eeb11ea-aea2e81e-c052617a (raw) ]
     = SUCCESS